In message <20100420121646.ge15...@vacation.karoshi.com.>, bmann...@vacation.ka
roshi.com writes:
> On Tue, Apr 20, 2010 at 01:58:13PM +1000, Mark Andrews wrote:
> >
> > > You are charmingly naive about how "the law" actually works in the USA -
> > &
> solutions.
Hopefully being on the Internet, for the home user, will mean you
have IPv6 connectivity and public address space handed out using
PD in 3-5 years time. That Google, Yahoo etc. have turned on IPv6
to everyone. DS-lite or some other distributed NAT44 technology
is being used
In message <67d28817-d47b-468f-9212-186c60531...@internode.com.au>, Mark Newton
writes:
>
> On 20/04/2010, at 1:28 PM, Mark Andrews wrote:
>
> > Changing from a public IP address to a private IP address is a big
> > change in the conditions of the contract. People
> > We should be especially cautious about it when the functionality we are
> > interested in is really no more than a happy side effect of some other
> > functionality. NAT's "security", to the extent that it exists at all, is
> > a side effect of what it is inte
g to revisit that config switch.
>
> Anybody have some statistics on what the current situation is?
Given I've been running dual stack nameservers for the last 7 years
and never noticed any real problems I expect his problems are actually
closer to home.
Mark
--
Mark Andrews, ISC
1 Seym
s they need to renumber you, you'll probably get
> > a new RA with the 60/90 minute lifetimes specified each time RAs are
> > sent and your counters will all get reset to 60/90 for the foreseeable
> > future. =A0The preferred and valid lifetimes aren't limitations, t
dors that return broken DNS responses. This
is after pointing out that the load balancer is broken and saying
why I want it (to inform the vendor / warn others not to purchace
a broken product). Invariably the administrator is too paranoid
to supply the information. The best one can hope for
en my brother printer as a firewall
built into it and it supports IPv6.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
you can delegate the reverse for the /48 to servers
run by the customers.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
In message <268ebce2-9d47-488e-8223-29b5a6323...@godshell.com>, "Jason
'XenoPhage' Frisvold" wri
tes:
> On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
> > Windows will just populate the reverse zone as needed, if you let
> > it, using dynamic upda
y to change service providers without having to =
> renumber?
We have that ability already. Doesn't require NAT.
> Regards,
> -drc
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
In message , David Conrad
writes:
> Mark,
>
> On Apr 28, 2010, at 3:07 PM, Mark Andrews wrote:
> >> Perhaps the ability to change service providers without having to =
> renumber?
> >=20
> > We have that ability already. Doesn't require NAT.
>
o3t0osxa060...@drugs.dv.isc.org>
To: n...@uunet.ca
From: Mark Andrews
Subject: It shouldn't be this hard
Date: Thu, 29 Apr 2010 10:50:54 +1000
Sender: ma...@isc.org
Can't get to www.uunet.ca connection times out.
Non-working address in SOA contact field.
- --- Forwarded Me
ver IPv4 and run a tunnel broker.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
es does.
>
> 6to4
You don't want 6to4. Even if you provide relay routers the return
traffic is problematic. 6to4 also requires public IPv4 addresses
and you will eventually want to share these between your customers.
> Antonio Querubin
> 808-545-5282 x3003
> e-mail/xmpp: t...@l
In message <201005110413.o4b4disn031...@drugs.dv.isc.org>, Mark Andrews writes:
> > > How are ISPs that still offer dialup going to handle dialup and IPv6? I
> > > know the TNTs don't do it, and I don't think most of the old equipment
> > > in use
NAT router,
> and they're leaking some traffic non-NAT'd.
Why was this traffic hitting your DNS server in the first place? It should
have been rejected by the ingress filters preventing spoofing of the local
network.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 211
In message , Jon Lewis write
s:
> On Thu, 17 Jun 2010, Mark Andrews wrote:
>
> > Why was this traffic hitting your DNS server in the first place? It should
> > have been rejected by the ingress filters preventing spoofing of the local
> > network.
>
> When I ra
loomus.com
> without any success.
>
>
> Does someone have any brilliant suggestions?
> Please contact me on or off list
>
> Regards
> MKS
The server isn't even EDNS aware. I suspect your firewall doesn't
like a plain DNS response to a EDNS query.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
than hoping
that they are correct.
> Nick
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
our own 6to4
> router?
>
> If for example all my users have v4 addresses in 192.0.2.0/24, I could
> advertise 2002:C002:::/40 instead of or in addition to the full
> 2002::/16.
>
> Cheers.
> Mitchell
Which would end up with the entire set of IPv4 routes in IPv6. Th
- Network Engineering - j...@impulse.net
> Impulse Internet Service - http://www.impulse.net/
> Your local telephone and internet company - 805 884-6323 - WB6RDV
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
In message <20090502002406.gk4...@hezmatt.org>, Matthew Palmer writes:
> On Sat, May 02, 2009 at 09:40:23AM +1000, Mark Andrews wrote:
> >
> > In message <49fb4661.8090...@west.net>, Jay Hennigan writes:
> > > LEdouard Louis wrote:
> > > > Optimu
can do it.
Mark
> Regards,
> John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies
> ",
> Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
> "More Wiener schnitzel, please", said Tom, revealingly.
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
In message <70d072392e56884193e3d2de09c097a91f3...@pascal.zaphodb.org>, "Tomas
L. Byrnes" writes:
> Disclaimer: I have a dog in this fight, since ThreatSTOP is dependent on
> DNS/TCP.
>
> >-Original Message-
> >From: Mark Andrews [mailto:mark_andr.
NS referral from the root servers to the COM servers
already exceeded 512 bytes. The world hasn't fallen over.
That's dealt with that myth.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
DNS responses. It will have a impact on the number of DNS
queries made iff the receipents are in multiple mail domains.
Mark
> -BobbyJim
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
; Williams College
> (413) 597-3408 (office)
> (413) 822-2922 (cell)
> OIT will NEVER ask for your password!
What nameserver and version are you running?
What options do you have turned on in the nameserver?
What firewall settings do you have? Do you allow fragments
through?
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
obi. 86400 IN A 117.102.248.2
> ns2.push.mobi. 86400 IN A 117.102.248.3
> -
>
> best,
> Anton.
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
for certain that glue is
needed. There are other delegation patterns that also need
glue to be returned.
Mark
> --bill
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
ld master to parent master
so humans were completely out of the loop except to establish
the initial DS RRset in the parent.
Nanog however isn't the venue to discuss this. I would
think IETF DNSEXT WG would be
a reasonable place to hold the discussion.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
In message <20090708013805.ga1...@vacation.karoshi.com.>, bmann...@vacation.kar
oshi.com writes:
> On Wed, Jul 08, 2009 at 11:09:49AM +1000, Mark Andrews wrote:
> >
> > In message <20090707171251.ga2...@arin.net>, Mark Kosters writes:
> > > On Mon, Jul 06,
In message <20090708025854.ga1...@vacation.karoshi.com.>, bmann...@vacation.kar
oshi.com writes:
> On Wed, Jul 08, 2009 at 11:58:17AM +1000, Mark Andrews wrote:
> >
> > > > > received a lot of good feedback with the conclusion that using a rest
> ful
&g
pted to report a operational
problem with DNS servers and delegations just to have the
email bounce due to the data being out of date.
Proxy services just add yet another layer that can go wrong.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
ion of the transport stack will likely be both a
> driver and an effect of this trend, over time.
>
> ---
> Roland Dobbins // <http://www.arbornetworks.com>
>
> Unfortunately, inefficiency scales really well.
>
> -- Kevin Lawt
s too late for the pebbles to vote.
There is a difference between looking for a service and looking
for a specific vendor of a service.
> As the person I was replying to said, DNS is unlikely to go away,
> but I'll lay good money that some day most people won't eve
ally
poorly done.
It also only works well for iterative resolvers. It doesn't work
well for stub resolvers, nameservers that forward etc. as one now
has a key distribution problem.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
le.com/support/bin/answer.py?answer=6596
26si8920387qyk.119
quit
221 2.0.0 closing connection 26si8920387qyk.119
Connection closed by foreign host.
farside.isc.org:marka {3} %
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
services
as well.
> This question gets asked so many times now, whilst people argue about
> the implications of using networks smaller than /64 for anything
> such deployments continue to exist and are successful.
>
> Perhaps we should document people's addressing plans s
f the reasons for going to 128 bits was
so that we wouldn't have to worry about being overly conservative
with address at the network level. The original thinking was /80
which later changed to /64. Pack networks not hosts.
Mark
> --
> This message has been scanned for viruses and
>
enerally
> accepted that ignoring reports of infringement can bring about liability.
>
> Jack
It will be interesting to see the court cases against ISP's that
don't shutdown other illegal activities once they have been notified.
abuse@ better not be a blackhole or you are put
not resolve
>
> This could just be an SPF failure. Try some sender address you
> control.
>
It if it then that is a very bad diagnostic message.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
nts). This will be painful for some.
Note we all could start using IPv6 and avoid this problem altogether.
There is nothing stopping us using IPv6 especially for MTA's.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
re that 4th packet came along and knocked it free. I suspect
> it could have gone higher, but random scanning traffic on the internet
> was coming in. When there was a lot of traffic on the interface you
> would never see the packet loss, just reordering of every 4th packet and
> thus
ed their first /48 from 2620:0::/23), if your
> announcements are only longer than /32, you should be aware that Verizon
> is completely unreachable for you - even if you are a Verizon customer
> directly.
>
> --
> Jeff McAdams
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
In message <1255388942.12984.1.ca...@acer-laptop>, Bret Clark writes:
> On Tue, 2009-10-13 at 09:40 +1100, Mark Andrews wrote:
>
> > > Verizon's policy has been related to me that they will not accept
> > or
> > > propogate any IPv6 route advertise
> for business DSL: the link has a dynamic address and your netblock is then
> routed to it. (this is confusing and unworkable for a lot of cheap
> hardware.)
Just use a /64 for the customer link. That allows them to have a CGA if
they need one.
Mark
--
Mark Andrews
y, and
> the latest version will always have this filename, so please link to
> it instead of copying it, etc. etc.:
>
> http://www.braintrust.co.nz/resources/ipv6_flow_chart/ipv6_flow_chart-current.pdf
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
In message , Nathan Ward writes
:
>
> On 14/10/2009, at 7:23 PM, Mark Andrews wrote:
>
> > DS-Lite is there for when the ISP runs out of IPv4 addresses to
> > hand one to each customer. Many customers don't need a unique IPv4
> > address, these are the ones yo
satisfied that there is no
traffic over them.
> --
>
> Thanks; Bill
>
> Note that this isn't my regular email account - It's still experimental so
> far.
> And Google probably logs and indexes everything you send it.
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
-=-lq/A/spfwZ9P7pLx73k/
> Content-Type: application/pgp-signature; name="signature.asc"
> Content-Description: This is a digitally signed message part
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEABECAAYFAkreWLgACgkQSkRqA/Q6fe//UACfcPMTlaufxR4sk8pfJ9d7Uk/W
> rW4AmgNnotHOzM4DnvcT90ow+0kDxMVF
> =aZzD
> -END PGP SIGNATURE-
>
> --=-lq/A/spfwZ9P7pLx73k/--
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
a day as they move between work and home. All machines should
be in a position to renumber themselves as easily as we renumber a
laptop.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
ll honour the
TTL in the records.
> how often do the VPN devices revalidate the names?
At startup. A well designed VPN protocol will support end point
address mobility.
> what happens when the dns changes while the vpn is still up?
This should be transparent to everything other than th
vider assigned ones and use source address routing
to find a appropropiate exit path which doesn't break BCP 38. This
is as good as the NAT solutions for small-site multi-homing today.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
e.. ;)
>
> --==_Exmh_1257461806_2581P
> Content-Type: application/pgp-signature
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Exmh version 2.5 07/13/2001
>
> iD8DBQFK81gucC3lWbTT17ARAjaeAJ9Snqyq/z7qeF/Z+ag+xluKfUQAdwCgrJ4V
> LyG+0
s. A consumer should be able to
reasonably assume that the message was delivered.
If you bounce then they should be aware that it didn't get through
and they can take other steps to inform you.
> so, is this bill helping? or hurting? :(
>
> >
> > And the immediate usptreams
ess space you are
using.
We need automate the dissemination of these values within a
ISP to the customers so they can correctly configure their
address selection rules.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
s),
> Approximate round trip times in milli-seconds:
> Minimum = 235ms, Maximum = 252ms, Average = 246ms
>
> C:\Documents and Settings\Joseph>
>
> --
> Later, Joe
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
ny
> > > action.
> >
> > Yes, and that'd make a good case for the good old ops practice of
> > dialing down the TTL for a while before any NS change is made.
> >
> > --srs
> >
> --
> Jeremy Jackson
> Coplanar Networks
> (519)
ddrpolicy *pol, *ep;
/usr/src/lib/libc/net/name6.c: ep = (struct in6_addrpolicy *)(buf + l);
/usr/src/lib/libc/net/name6.c: for (pol = (struct in6_addrpolicy *)buf; pol +
1 <= ep; pol++) {
/usr/src/lib/libc/net/name6.c: struct in6_addrpolicy *pol;
%
--
Mark Andrews, ISC
1 Seymour St., D
Mark Andrews writes:
>
> In message <[EMAIL PROTECTED]>, Niels Bakker writes:
> > * [EMAIL PROTECTED] (Tony Hain) [Wed 26 Nov 2008, 01:03 CET]:
> > > In any case, content providers can avoid the confusion if they simply put
> u
> > p
> > > a local 6
In message <[EMAIL PROTECTED]>, Niels Bakker writes:
> * [EMAIL PROTECTED] (Mark Andrews) [Wed 26 Nov 2008, 01:55 CET]:
> > In message <[EMAIL PROTECTED]>, Niels Bakker writes:
> >> * [EMAIL PROTECTED] (Tony Hain) [Wed 26 Nov 2008, 01:03 CET]:
> >>> In
In message <[EMAIL PROTECTED]>, Niels Bakker writes:
> * [EMAIL PROTECTED] (Mark Andrews) [Wed 26 Nov 2008, 02:57 CET]:
> > 2002::/16 vs non 2002::/16 should be in the policy table. This is the
> > default prefer ipv6 policy table for FreeBSD 6.4-PRERELEASE. There is
In message <[EMAIL PROTECTED]>, Mohacsi Jano
s writes:
>
>
>
> On Wed, 26 Nov 2008, Mark Andrews wrote:
>
> >
> > Mark Andrews writes:
> >>
> >> In message <[EMAIL PROTECTED]>, Niels Bakker writes:
> >>> * [EMAIL PROTECTED]
In message <[EMAIL PROTECTED]>, Niels Bakker writes:
> * [EMAIL PROTECTED] (Mark Andrews) [Wed 26 Nov 2008, 03:20 CET]:
> >It's used for both.
>
> Yet from /usr/src/lib/libc/getaddrinfo.c
> ---
> /* Rule 7: Prefer native transport. */
>
The owner
> of each domain or host could publish a self-signed cert in a TXT RR,
> and the DNS chain of trust would be the only form of validation needed.
Or one could use the CERT to publish a cert :-)
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
the domain was delegated in the first place.
The natural place to look for DNS trust is in the DNS.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
ine
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.9 (GNU/Linux)
>
> iEYEARECAAYFAkl2XtAACgkQcXeLeWu2vmrR+wCePhZM2IrxV1mCKpnpsL6RDPIk
> KnoAnRyVJpYrlan65MYJF7LRJc8nXJuj
> =F1Dc
> -END PGP SIGNATURE-
>
> --J+eNKFoVC4T1DV3f--
>
Or better yet trace th
cache in 9.3.x.
option/view level "allow-query { trusted; };"
zone level "allow-query { any; };"
BIND 9.4.x and later have allow-query-cache make the
configuration job easier. It also defaults to directly
In message <497705bd.33e4.009...@globalstar.com>, "Crist Clark" writes:
> >>> On 1/20/2009 at 7:23 PM, Mark Andrews wrote:
>
> > In message <20090121140825.xwdzd4p64kgwo...@web1.nswh.com.au>,=20
> > j...@miscreant.or=20
> > g writes
he rest of the world to properly implement ingress
> filtering (ha, ha), I think dropping the specific packets that
> generate the reflected traffic is good enough for now. The load on the
> reflectors is minimal.
>
> Nathan.
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
f them do as they
usually apply these filters to home networks.
BCP 38 is ~10 years old now. It should have been factored
into the purchasing decision of all the current equipement.
If it wasn't then the operator was negligent.
Mark
> Regards,
In message , Marti
n Hannigan writes:
> On Sat, Jan 24, 2009 at 8:01 PM, Mark Andrews wrote:
>
> >
> > In message <8c5f1fec-ff51-4ba2-a762-c13bc275e...@virtualized.org>, David
> > Conrad writes:
> > > It would seem that as ISPs implement DPI and protoc
Unless you are using 10.0.0.0/8 then you aren't implementing
BCP 38 either. If you were you wouldn't be seeing queries from
10.0.0.0/8.
Mark
> Best wishes,
> Nate Itkin
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
but at least it is a place
> to start. I appended that code below for those who are interested in it.
Which will just make the attacks evolve. It's pretty easy
to design a amplifing DNS attack which is almost indetectable
unless you know which addresses are bei
elieve) is no longer there with BIND 9.4.3-P1.
> The port was bound at startup time and did not change as long as named was
> still running.
> --
> Steve
> Equal bytes for women.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
ed". This should be auditable.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
ile
> automatically and you're getting most of the way there, by sheer number
> of DNS servers.
>
> -Phil
The most common reason for recursive queries to a authoritative
server is someone using dig, nslookup or similar and forgeting
to disable recursion o
a prefix
> > that should enough for a decent sized country in a half-rack.
> >
> > It's only slightly harder to imagine a /48 being wasted like that.
>
> Except the RIRs won't give you another /48 when you have only used one
> trillion IP addresses.
>
&g
address, with a minimum
> fee of AU$10,384.
>
> After the first year of the initial assignment or allocation,
> there is an annual registration fee is AU$0.127 per host or
> site address, with a minimum fee of AU$1,038.40.
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
g up and down). This is going to be far more of
> an issue and drive network design than a minor blow out in the v6
> routing table.
Assign the prefixes using PD and use aggregate routes out side of the pop.
IPv6 nodes are designed to be renumbered. Use the technology. Stop thinking
IPv4 and s
gt;
> > No larger than their ARP tables are now.
> >
> And ARP tables are propogated around networks? No, they're local to a
> router.
>
> MMC
>
> --
> Matthew Moyle-Croft - Internode/Agile - Networks
> Level 4, 150 Grenfell Street, Adelaide, SA 5000 Aus
ess from a RIR, LIR or ISP. The lease may not be
renewed when it next falls due. You may get assigned a
different set of addresses at that point. You should plan
accordingly.
The only difference is the mechanisms used to assign the
leases and the probability
that will
> actually work in practice. And that brings us back to the good old catch-22
> of ISPs not supporting IPv6 because consumer CPE doesn't support it, and CPE
> not supporting it because ISP don't...
>
> Scott.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
In message <20090205030522.13d152b2...@mx5.roble.com>, Roger Marquis writes:
> Mark Andrews wrote:
> > All IPv6 address assignments are leases. Whether you get
> > the address from a RIR, LIR or ISP. The lease may not be
> > renewed when it next falls d
ing that does not work?
BTW stateless autoconf and DHCP are complementry technologies.
> The IPv4 mistake you've NOT learned from here is
> "rarp". DCHP does far more than tell a host was address it should use.
> (yes, I've called for the IPng WG member's execution, reanimation, and
> re-execution, several times.)
>
> --Ricky
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
ady list as the DMZ address. :-)
WII's should be able to be directly connected to the network
without any firewall. If they can't be then they are broken.
> c'ya
> sven
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871
In message <498bddac.7060...@eeph.com>, Matthew Kaufman writes:
> Mark Andrews wrote:
> > WII's should be able to be directly connected to the network
> > without any firewall. If they can't be then they are broken.
>
> As I'm sure you kn
-
> Peter Beckman Internet Guy
> beck...@angryox.com http://www.angryox.com/
> ---
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
ogy
change over bring in new functionality.
Mark
> Does ARIN lack sufficient resources to vet jumbo requests?
>
> Did Verizon Wireless benefit from favoritism?
>
> Is Barack Obama concerned that his blackberry will not function if
> Verizon one day runs out of v4
t be done, but
> that there are so many still-to-be-answered questions between here and
> there...
And the only way to answer them is to go ahead and find the
gaps. Waiting and waiting won't find the problems and will
just put you under more time presure.
| Stateless DHCPv6).
address + default gateway. I know where the root servers live :-)
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
I know there are some that do.
Please cite references.
I can find plenty of firewall required references but I'm
yet to find a NAT and/or RFC 1918 required.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
tered manually, DHCPv6, or from IPv4 network
> configuration (ie. DHCP!) Forcing this BS on the world is a colossal
> waste. We've had a system to provide *ALL* the information a host needs
> or wants in the IPv4 world for years. Why it's not good enough for IPv6
> is beyond me.
>
> --Ricky
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
Systems and Network Administrator - HiWAAY Internet Services
> > I don't speak for anybody but myself - that's enough trouble.
> >
> >
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
gnatures.
The machine's name is not tied to the network on which it
lives.
Mark
> Or, we simply continue down the path of more NATv4.
>
> Regards,
> -drc
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
In message <14076.1234917...@turing-police.cc.vt.edu>, valdis.kletni...@vt.edu
writes:
> --==_Exmh_1234917735_3892P
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, 18 Feb 2009 10:55:30 +1100, Mark Andrews said:
> > I solve it by give the machine a na
In message <33415e7e-23f2-45f2-9281-ab1685dee...@virtualized.org>, David Conrad
writes:
>
> On Feb 17, 2009, at 1:55 PM, Mark Andrews wrote:
> >> (which was never fully
> >> thought out -- how does a autoconfig'd device get a DNS name
> >> associated
In message <6f7ba817-320b-414f-9811-03b476990...@virtualized.org>, David Conrad
writes:
> On Feb 17, 2009, at 3:55 PM, Mark Andrews wrote:
> > In otherwords ISP's need to enter the 21st century.
>
> Yeah, those stupid, lazy, ISPs. I'm sure they're just s
termine which
customer had that address at the times I list in my logs -
even though these logs are sent within 48 hours of the
incidents.
One shouldn't need to have to get the indentities of the perpetrators
to get AUP enforced. Port scanning is against 99.9% of AUP
901 - 1000 of 1172 matches
Mail list logo